Collaborative Access Control in Webdamlog System Analysis

 
Continuation of ERC Webdam
 
ICDE 2012
 
Mai 30
, 2012
 
Collaborative access control in
Webdamlog
Serge Abiteboul
INRIA and ENS Cachan
 
The context
WebdamLog: a rule-based language for the Web
The WebdamLog system
Inconsistencies and uncertainty
Access control
Conclusion
 
2
 
The context : loss of control
 
A typical Web user has more and more data
of all kinds, on many different systems and
machines, in heterogeneous formats and
ontologies
The user is overwhelmed by the mass of
information, cannot find the information
needed, is not aware of important events
The user cannot manage/control his/her data
and how  others access and use his/her own
data
 
3
Thesis
 
Organize your data in a Distributed Knowledge Base
Issues
A language for this DKB: 
   
Webdamlog
A system for this DKB: 
   
Webdamlog system
Contradictions, missing/noisy data: 
 
Webdamlog+Proba
Access control: 
    
Webdamlog+AC
Personal data/information management
Data 
 
 
Information    
 
Knowledge
4
 
Context
WebdamLog: a rule-based language for the Web
The WebdamLog system
Inconsistencies and uncertainty
Access control
Conclusion
 
5
 
Datalog
 
Extensional facts
 
friend(“peter”,”paul”) friend(“paul”, “mary”)
friend(“mary”,”sue”)
Datalog program
 
fof(x,y) :- friend(x,y)
    
fof(x,y) :- friend(x,z), fof(z,y)
Intentional facts
 
fof(“peter”,”paul”) 
 
fof(“peter”,”mary”)  fof(“peter”, “sue”)
 
fof(“paul”, “mary”)
 
fof(“paul”, “sur”)
 
fof(“mary”,”sue”)
 
6
 
WebdamLog
 
Extends datalog with negation, updates, distribution, time &
delegation
Autonomous and asynchronous peers
Dynamic network & dynamic facts/rules
 
Influenced by Active XML (INRIA)
 
& Dedalus (UC Berkeley)
 
7
 
Facts
 
Facts are of the form 
m@p(a
1
, ..., a
n
)
, where
m
 is a 
relation
 name
  
&   
p
 is a 
peer
 name
Examples
friend@my-iphone(“peter”, “paul”)   
  
extensional
fof@my-iphone(“adam”, “paul”)   
  
intentional
 
 
ontology
: isA@yago.com("Elvis”, theKing)
 
localization
: where@alice(pictures, picasa/alice)
 
access rights
: right@picasa(pictures, friends, read)
 
8
 
Rules
 
[at amk]
fof@amk(x,y) :- friend@amk(x,y)
fof@amk(x,y) :- friend@serge(x,z), fof@amk(z,y)
 
9
 
Rules
 
Classification based on 
locality
 and 
nature of head
Local rule at my-laptop: all predicates in the body of the
rules are from my-laptop
 
Local with local intentional head
  
classic datalog
Local with local extensional head
  
database update
Local with non-local extensional head
 
messaging between peers
Local with non-local intentional head 
 
view delegation
Non-local
      
general delegation
 
10
Local rules with non-local extensional head
A new fact is sent to an external peer via a message
$message
@
$peer
($name, “Happy birthday!”) :-
today@my-
iphone($date),
birthday@
my-iphone($name, 
$message
, 
$peer
, 
$date)
 
Extensional facts:
today@my-iphone(
March 6
)
birthday@my-iphone
(Manon, 
 
sendmail
,  
gmail.com
, 
March 6)
 
sendmail
@
gmail.com
(
"Manon”,  “Happy birthday”)
11
 
The Web as a distributed knowledge base
WebdamLog: a rule-based language for the Web
The WebdamLog system
Inconsistencies and uncertainty
Access control
Conclusion
 
12
 
WebdamLog peers
 
Support communication with other peers
Support common security protocols
Support wrappers to external systems such as Facebook
Manage knowledge
-
store knowledge (facts and rules)
-
exchange knowledge with other peers
-
perform reasoning
 
13
 
The Web as a distributed knowledge base
WebdamLog: a rule-based language for the Web
The WebdamLog system
Inconsistencies and uncertainty
Access control
Conclusion
 
14
 
Motivation
 
Contradictions
 (in intentional or extensional data) come from
-
errors, lies, rumors, updates
-
FD violations: some think Alice was born in Paris, others that
she was born in London
-
opinions: some think Brahms is great; others don’t
Uncertainty
 comes from
-
lack of information
-
contradictions
Probabilities
 may be used to measure uncertainty
-
80% think Alice was born in Paris, 20% in London
-
sources: we observed that Peter is wrong 20% of the time
 
15
 
The Web as a distributed knowledge base
WebdamLog: a rule-based language for the Web
The WebdamLog system
Inconsistencies and uncertainty
Access control
Conclusion
 
16
 
Requirements
 
Data access
 Users would like to control who can read and
modify their information
Data dissemination 
Users would like to control how their
data are transferred from one participant to another, and
how they are combined, with the owner of each piece of
data keeping some control over it
Application control 
Users would like to control which
applications can run on their behalf, and what information
these applications can access.
 
 
17
 
Coarse grain access control
 
[at Alice] 
album@Bob
($p,$f) :-
  
photo@Alice($p,$f)
  
friend@Alice($f)
album@Bob is 
extensional
Whoever has read access to album@Bob sees all the
relation
 
18
 
Fine grain access control
 
[at Bob] 
photo@Alice
($p,$f) :- photo@Bob($p,$f)
[at Sue] 
photo@Alice
($p,$f) :- photo@Sue($p,$f)
 
photo@Alice is 
intensional
Toto who has read privilege to photo@Alice and
photo@Bob only, sees only the photos of Bob
photo@Alice
Lulu who has read privilege on the three photos
relations, sees everything
The provenance of a fact determines who sees this fact
(Truman paradigm)
 
19
 
Overwriting the default for intensional
data
 
Suppose Bob wants to publish only the photos of his
friends
[at Bob] 
photo@Alice
($p,$f) :- photo@Bob($p,$f)
   
friends@Bob($f)
Issue: you can read these photos only if you have read
privilege on friends@Bob that is private
 
20
 
Overwriting the default for intensional
data
 
[at Bob] photo@Alice($p,$f) :- photo@Bob($p,$f)
    
[ hide 
friends@Bob($f) 
]
Hide: blocks the provenance from friends@Bob
Bob declassify this data just for the evaluation of this
rule
You can declassify only tuples you own 
 grant
privilege
 
21
 
Issues with non local rules
 
[at Bob]
message@Sue(“I hate you”) :- date@Alice(d)
aliceSecret@Bob(x) :- date@Alice(d), secret@Alice(x)
Ignoring access rights, by delegation, this results in running
[at Alice]
 
message@Sue(“I hate you”) :- date@Alice(d)
 
aliceSecret@Bob(x) :- date@Alice(d), secret@Alice(x)
 
22
 
Default solution: sand box
 
We run the rule at Alice in a 
Sandbox
We use the access rights of Bob
So the second rule does not succeed in sending secrets
The message specifies that this is done at Bob’s request
So requires authentication/signatures
Alternative: 
delegation without sandbox
. Possible if the
peer that asks for the delegation is given the privilege to
install rules at the other peer – Here if Alice gives Bob
the right to install a rule in her environment
 
23
 
The Web as a distributed knowledge base
WebdamLog: a rule-based language for the Web
The WebdamLog system
Inconsistencies and uncertainty
Access control
Conclusion
 
24
 
Thesis
 
Let us turn the Web into a distributed knowledge base
  
with billions of users
   
supported by billions of systems
    
analyzing information
     
extracting knowledge
      
exchanging knowledge
       
inferring knowledge
 
25
 
Contribution
 
The general approach 
   
[ICDE’12]
The WebdamLog language 
  
[PODS’11]
The WebdamLog System based on Bud engine/Berkeley
[WebDB’11, DBPL13, demos ICDE’11, SIGMOD’14]
Contradictions, inconsistencies 
 
[ICDT’14]
 
26
 
Ongoing works
 
Optimization & access control with Drexel Univ. (Julia Stoyanovich)
Performance evaluation shows cost is acceptable
Now: Personal information management systems
Joint work with Amélie Marian (next EDBT)
Joint work with Benjamin André and
 
Daniel Kaplan (To appear in CACM)
 
27
Slide Note
Embed
Share

In the WebdamLog system, Serge Abiteboul delves into collaborative access control, loss of user control over data, and the need for a Distributed Knowledge Base. Discussing rule-based language, contradictions in data, and Webdamlog+Proba for access control and data management, this exploration sheds light on issues faced by modern web users and the potential solutions offered by innovative technologies.


Uploaded on Sep 06, 2024 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Collaborative access control in Webdamlog Serge Abiteboul INRIA and ENS Cachan Continuation of ERC Webdam Mai 30, 2012 ICDE 2012

  2. The context WebdamLog: a rule-based language for the Web The WebdamLog system Inconsistencies and uncertainty Access control Conclusion S. Abiteboul EPFL-INRIA, 11111011111 2

  3. The context : loss of control A typical Web user has more and more data of all kinds, on many different systems and machines, in heterogeneous formats and ontologies The user is overwhelmed by the mass of information, cannot find the information needed, is not aware of important events The user cannot manage/control his/her data and how others access and use his/her own data S. Abiteboul EPFL-INRIA, 11111011111 3

  4. Thesis Organize your data in a Distributed Knowledge Base Issues A language for this DKB: A system for this DKB: Contradictions, missing/noisy data: Webdamlog+Proba Access control: Webdamlog Webdamlog system Webdamlog+AC Personal data/information management Data Information Knowledge S. Abiteboul EPFL-INRIA, 11111011111 4

  5. Context WebdamLog: a rule-based language for the Web The WebdamLog system Inconsistencies and uncertainty Access control Conclusion EPFL-INRIA, 11111011111 Je kiffe datalog S. Abiteboul 5

  6. Datalog Extensional facts friend( peter , paul ) friend( paul , mary ) friend( mary , sue ) Datalog program fof(x,y) :- friend(x,y) fof(x,y) :- friend(x,z), fof(z,y) Intentional facts fof( peter , paul ) fof( peter , mary ) fof( peter , sue ) fof( paul , mary ) fof( paul , sur ) fof( mary , sue ) S. Abiteboul EPFL-INRIA, 11111011111 6

  7. WebdamLog Extends datalog with negation, updates, distribution, time & delegation Autonomous and asynchronous peers Dynamic network & dynamic facts/rules Influenced by Active XML (INRIA) & Dedalus (UC Berkeley) S. Abiteboul EPFL-INRIA, 11111011111 7

  8. Facts Facts are of the form m@p(a1, ..., an), where m is a relation name & p is a peer name Examples friend@my-iphone( peter , paul ) extensional fof@my-iphone( adam , paul ) intentional ontology: isA@yago.com("Elvis , theKing) localization: where@alice(pictures, picasa/alice) access rights: right@picasa(pictures, friends, read) S. Abiteboul EPFL-INRIA, 11111011111 8

  9. Rules [at amk] fof@amk(x,y) :- friend@amk(x,y) fof@amk(x,y) :- friend@serge(x,z), fof@amk(z,y) S. Abiteboul EPFL-INRIA, 11111011111 9

  10. Rules Classification based on locality and nature of head Local rule at my-laptop: all predicates in the body of the rules are from my-laptop Local with local intentional head classic datalog Local with local extensional head database update Local with non-local extensional head messaging between peers Local with non-local intentional head view delegation Non-local general delegation S. Abiteboul EPFL-INRIA, 11111011111 10

  11. Local rules with non-local extensional head A new fact is sent to an external peer via a message $message@$peer($name, Happy birthday! ) :- today@my-iphone($date), birthday@my-iphone($name, $message, $peer, $date) Extensional facts: today@my-iphone(March 6) birthday@my-iphone(Manon, sendmail, gmail.com, March 6) sendmail@gmail.com("Manon , Happy birthday ) S. Abiteboul EPFL-INRIA, 11111011111 11

  12. The Web as a distributed knowledge base WebdamLog: a rule-based language for the Web The WebdamLog system Inconsistencies and uncertainty Access control Conclusion S. Abiteboul EPFL-INRIA, 11111011111 12

  13. WebdamLog peers Support communication with other peers Support common security protocols Support wrappers to external systems such as Facebook Manage knowledge - store knowledge (facts and rules) - exchange knowledge with other peers - perform reasoning S. Abiteboul EPFL-INRIA, 11111011111 13

  14. The Web as a distributed knowledge base WebdamLog: a rule-based language for the Web The WebdamLog system Inconsistencies and uncertainty Access control Conclusion S. Abiteboul EPFL-INRIA, 11111011111 14

  15. Motivation Contradictions (in intentional or extensional data) come from -errors, lies, rumors, updates -FD violations: some think Alice was born in Paris, others that she was born in London -opinions: some think Brahms is great; others don t Uncertainty comes from -lack of information -contradictions Probabilities may be used to measure uncertainty - 80% think Alice was born in Paris, 20% in London - sources: we observed that Peter is wrong 20% of the time S. Abiteboul EPFL-INRIA, 11111011111 15

  16. The Web as a distributed knowledge base WebdamLog: a rule-based language for the Web The WebdamLog system Inconsistencies and uncertainty Access control Conclusion S. Abiteboul EPFL-INRIA, 11111011111 16

  17. Requirements Data access Users would like to control who can read and modify their information Data dissemination Users would like to control how their data are transferred from one participant to another, and how they are combined, with the owner of each piece of data keeping some control over it Application control Users would like to control which applications can run on their behalf, and what information these applications can access. S. Abiteboul EPFL-INRIA, 11111011111 17

  18. Coarse grain access control [at Alice] album@Bob($p,$f) :- photo@Alice($p,$f) friend@Alice($f) album@Bob is extensional Whoever has read access to album@Bob sees all the relation S. Abiteboul EPFL-INRIA, 11111011111 18

  19. Fine grain access control [at Bob] photo@Alice($p,$f) :- photo@Bob($p,$f) [at Sue] photo@Alice($p,$f) :- photo@Sue($p,$f) photo@Alice is intensional Toto who has read privilege to photo@Alice and photo@Bob only, sees only the photos of Bob photo@Alice Lulu who has read privilege on the three photos relations, sees everything The provenance of a fact determines who sees this fact (Truman paradigm) S. Abiteboul EPFL-INRIA, 11111011111 19

  20. Overwriting the default for intensional data Suppose Bob wants to publish only the photos of his friends [at Bob] photo@Alice($p,$f) :- photo@Bob($p,$f) friends@Bob($f) Issue: you can read these photos only if you have read privilege on friends@Bob that is private S. Abiteboul EPFL-INRIA, 11111011111 20

  21. Overwriting the default for intensional data [at Bob] photo@Alice($p,$f) :- photo@Bob($p,$f) [ hide friends@Bob($f) ] Hide: blocks the provenance from friends@Bob Bob declassify this data just for the evaluation of this rule You can declassify only tuples you own grant privilege S. Abiteboul EPFL-INRIA, 11111011111 21

  22. Issues with non local rules [at Bob] message@Sue( I hate you ) :- date@Alice(d) aliceSecret@Bob(x) :- date@Alice(d), secret@Alice(x) Ignoring access rights, by delegation, this results in running [at Alice] message@Sue( I hate you ) :- date@Alice(d) aliceSecret@Bob(x) :- date@Alice(d), secret@Alice(x) S. Abiteboul EPFL-INRIA, 11111011111 22

  23. Default solution: sand box We run the rule at Alice in a Sandbox We use the access rights of Bob So the second rule does not succeed in sending secrets The message specifies that this is done at Bob s request So requires authentication/signatures Alternative: delegation without sandbox. Possible if the peer that asks for the delegation is given the privilege to install rules at the other peer Here if Alice gives Bob the right to install a rule in her environment S. Abiteboul EPFL-INRIA, 11111011111 23

  24. The Web as a distributed knowledge base WebdamLog: a rule-based language for the Web The WebdamLog system Inconsistencies and uncertainty Access control Conclusion S. Abiteboul EPFL-INRIA, 11111011111 24

  25. Thesis Let us turn the Web into a distributed knowledge base with billions of users supported by billions of systems analyzing information extracting knowledge exchanging knowledge inferring knowledge S. Abiteboul EPFL-INRIA, 11111011111 25

  26. Contribution The general approach [ICDE 12] The WebdamLog language [PODS 11] The WebdamLog System based on Bud engine/Berkeley [WebDB 11, DBPL13, demos ICDE 11, SIGMOD 14] Contradictions, inconsistencies [ICDT 14] S. Abiteboul EPFL-INRIA, 11111011111 26

  27. Ongoing works Optimization & access control with Drexel Univ. (Julia Stoyanovich) Performance evaluation shows cost is acceptable Now: Personal information management systems Joint work with Am lie Marian (next EDBT) Joint work with Benjamin Andr and Daniel Kaplan (To appear in CACM) S. Abiteboul EPFL-INRIA, 11111011111 27

More Related Content

giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#